c89a8a7 @oguzy manual add of README to the master branch
authored
Installation

* Install zc.buildout:
On Ubuntu this is done with the command below

$ sudo apt-get install python-zc.buildout

* Run the buildout command to initialize and install the requirements

$ cp buildout.cfg.org buildout.cfg
$ python bootstrap.py
$ buildout2.7

* Install the MongoDB server
$ sudo apt-get install mongodb-server
You can test that MongoDB is running by typing mongo at the command line.
If you see a shell like the one below, you can continue with the Bro installation

$ mongo
MongoDB shell version: 2.0.4
connecting to: test

Requirements for Bro installation

$ sudo apt-get install libmagic-dev libgeoip-dev libpcap-dev libssl-dev libncurses5-dev g++ bison flex cmake swig2.0 make gcc g++ python-dev swig zlib1g-dev
$ ./configure --enable-debug
$ make
$ sudo make install
$ cd /usr/local/bro/bin
$ sudo broctl
$ install
$ start
$ stop
$ check
$ exit

After this, running Bro on a capture file should work:

$ /usr/local/bro/bin/bro -C -r pcap_file.name

* Bro is used both for protocol detection and TCP reassembly. To let Bro reassemble the connection contents, one file must be changed. If you installed Bro to /usr/local/bro/, edit the file /usr/local/bro/share/bro/base/protocols/conn/contents.bro as below

## If this variable is set to ``T``, then all contents of all connections
## will be extracted.
const default_extract = T &redef;

* Make a directory named "uploads" where the setting.py file is.

$ mkdir uploads
$ chmod a+w uploads

* tshark is required as an alternative method to detect application-layer protocols where Bro fails
$ sudo apt-get install tshark

* If you get backend errors like "django.core.exceptions.ImproperlyConfigured: 'django_mongodb_engine' isn't an available database backend."
install the django-mongodb backend manually

$ pip install hg+https://bitbucket.org/wkornewald/django-nonrel
$ pip install hg+https://bitbucket.org/wkornewald/djangotoolbox
$ pip install git+https://github.com/django-nonrel/mongodb-engine


Django projects require table creation first

$ bin/django syncdb

The project uses the hachoir Python library; install it as well

$ sudo apt-get install python-hachoir-* (I should add this part to the buildout configuration also)

* To handle SMTP, tcpflow must be installed. After checking the results of Bro and tcpflow for SMTP, the created flow files seem more manageable.
$ sudo apt-get install tcpflow

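A preflight check for the setup steps above, added here as an example and not part of the project. The function names and the --check flag are assumptions; the paths and tool names are the ones this README uses.

```shell
#!/bin/sh
# Added example: verifies the state the README's install steps should leave behind.

# extract_enabled FILE: succeed only if an active (uncommented) line in
# contents.bro sets default_extract to T.
extract_enabled() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -Eq '^[[:space:]]*const[[:space:]]+default_extract[[:space:]]*=[[:space:]]*T[[:space:]]*&redef;'
}

# uploads_writable DIR: succeed if DIR exists and the current user can write to it.
uploads_writable() {
    [ -d "$1" ] && [ -w "$1" ]
}

# missing_tools NAME...: print each command that is not found on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# preflight [BRO_PREFIX] [UPLOADS_DIR]: run every check, report failures,
# and return non-zero if any check failed.
preflight() {
    prefix=${1:-/usr/local/bro}
    uploads=${2:-uploads}
    rc=0
    [ -x "$prefix/bin/bro" ] ||
        { echo "FAIL: $prefix/bin/bro not found or not executable"; rc=1; }
    extract_enabled "$prefix/share/bro/base/protocols/conn/contents.bro" ||
        { echo "FAIL: default_extract is not set to T in contents.bro"; rc=1; }
    uploads_writable "$uploads" ||
        { echo "FAIL: directory '$uploads' is missing or not writable"; rc=1; }
    for tool in $(missing_tools mongo tshark tcpflow); do
        echo "FAIL: $tool is not on PATH"; rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK: all checks passed"
    return "$rc"
}

# Run the checks only when asked, e.g.: sh preflight.sh --check /usr/local/bro uploads
if [ "${1:-}" = "--check" ]; then
    shift
    preflight "$@"
    exit $?
fi
```

Run it from the directory that contains uploads, after the last install step.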